0d5a7c59b8be738c3411d77b8e21df8374041d9a2d431f86281295ac4229739d

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2024 20:02

Target

0d5a7c59b8be738c3411d77b8e21df8374041d9a2d431f86281295ac4229739d.dll
Size

99KB
MD5

a89c99196ede82dd5be8e03a03ab4344
SHA1

363a1102436ac948d6a4cc533c55c6023df29111
SHA256

0d5a7c59b8be738c3411d77b8e21df8374041d9a2d431f86281295ac4229739d
SHA512

b1f8235598e4bc4d570bda00c85535b5b6a14a2146c589f4bb574f1a28a50d6b09765d933db87a124ad4d8d60ee9ccad3249585dae280f7ed993c533e11014d5
SSDEEP

1536:vOtvhIyY4rmw8JqEvkRyto+CLP6Ea26A5+ZSnCpYWF4urPcYWaYEj:vOtvhIBJqEculCLSEaGdnCpYqJLxTYE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 3300	5060	rundll32.exe	16
PID 5060 wrote to memory of 3300	5060	rundll32.exe	16
PID 5060 wrote to memory of 3300	5060	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d5a7c59b8be738c3411d77b8e21df8374041d9a2d431f86281295ac4229739d.dll,#1
1⤵
PID:3300

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d5a7c59b8be738c3411d77b8e21df8374041d9a2d431f86281295ac4229739d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060

memory/3300-0-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download